Seyi Adeworan, CRISC, CISA
Tel:-240-***-**** ************@*****.*** Washington DC
Third-Party Risk Management | Cyber & Tech Risk Program Management
Profile Summary
A quality-driven Third-Party Risk Management professional with many years of experience managing and safeguarding enterprise information systems, conducting vendor security reviews, optimizing operational processes, and mitigating risks through the implementation of information assurance controls. Skilled in conducting risk assessments across diverse industries, including Financial Services, Technology, Media, and Telecommunications (TMT), with extensive knowledge of governance, risk, and control implementation related to industry standards and compliance frameworks. Proficient in NIST 800-53 Rev 4, 800-37, 800-137, ISO 27001, ISO 31000, HIPAA/HITRUST standards, SSAE 18 (SOC 1 and SOC 2), SIG, FedRAMP, and PCI-DSS compliance. Experienced in ensuring secure and prompt communication of findings, deploying questionnaires to vendors, and tracking vendor progress on remediation. Able to analyze, articulate, and solve complex problems while navigating intricate management structures, with a proven track record of successfully driving strategic Third-Party Risk Management programs.
Business And Technology Skills
Control Testing Methodologies
Business Continuity & Disaster Recovery
GRC Tools (RSA Archer, ProcessUnity, One Trust, Service Now, Prevalent, Jira, Security Scorecard, RiskRecon, BitSight, Black Kite)
Risk and Control Self-Assessment (RCSA) & Issue Management
IT Security Control Framework Implementation (NIST, ISO, PCI DSS, ISO 27001, HIPAA, HITRUST, GGRC)
Cloud Assessment
Risk Management (ERM & ORM)
TPRM and Remediation Management
IT Compliance
Legal Agreement Review
Security Incident Response
Excellent Analytical and Problem-Solving Skills
Report Preparation and Experience Writing Company Policies
Professional Experience
GuideHouse (Freddie Mac) October 2022 - Present
Senior Third-Party Risk Assessor
Conduct periodic reviews, using information from both internal and external sources to perform risk assessments on third parties, and facilitate collaboration among Subject Matter Experts and Contract Owners.
Plan and conduct security risk assessments for assigned third-party vendors to continuously determine design adequacy and control operating effectiveness.
Prepare comprehensive reports, document findings, and deliver assessments to Contract Owners and relevant stakeholders.
Coordinate meetings, including pre-assessment meetings, findings reviews, and supplier risk assessment kickoff meetings, while overseeing the assessment process with both internal and external stakeholders.
Utilize third-party risk management tools such as ProcessUnity to facilitate secure and efficient communication of findings, distribute questionnaires to suppliers, monitor progress in completing assessment questionnaires, and review suppliers' documentation, such as SOC 2 Type II reports, penetration test reports, information security policies, disaster recovery test results, and business continuity plans.
Promptly escalate suppliers' noncompliance to internal stakeholders.
Evaluate the operational suitability of assigned third parties by reviewing due diligence reports.
Examine supplier questionnaires to verify comprehensive coverage of newly discovered threat signatures.
Ensure that third-party relationships conform to company policies, adhere to regulatory guidelines, and align with industry best practices.
Collaborate with the Legal team to respond to customer proposals, Non-Disclosure Agreements (NDA), and security addendums in contracts.
Support the Government Industry Relations team in verifying that suppliers are not engaged in offshoring activities.
Collaborate with the Contract Owner on remediating findings, ensuring prompt resolution of all identified gaps from the assessment.
Deloitte March 2021 – October 2022
Senior Cyber and Strategic Risk Consultant
Oversaw the necessary due diligence for onboarding, recertification of risk, and ongoing monitoring of assigned third-party relationships.
Conducted third-party risk assessments by administering inherent risk questionnaires and vendor surveys, evaluating due diligence documentation, and providing effective challenge within the risk assessment process, covering areas such as cloud security and infrastructure.
Facilitated and documented kick-off and risk review meetings involving vendor owners, subject matter experts, and stakeholders to introduce potential vendors and engage in due diligence discussions or address any issues.
Engaged in vendor contract review and negotiations to ensure the inclusion of information security clauses supporting the security process.
Supervised continuous monitoring of critical vendors using the SecurityScorecard platform and delivered biweekly reports to leadership to support informed business decisions.
Reviewed documentation and generated reports using platforms such as RSA Archer, FedRAMP, GGRC, and One Trust.
Delivered comprehensive assessment reports to the business owner and collaborated with both business owners and vendors to ensure the timely remediation of identified risks.
Recognized for consistently achieving 100% assessment completion and meeting timelines.
American Express April 2016 – February 2021
Third-Party Risk Analyst
Reviewed due diligence information for onboarding new vendors and conducted annual periodic reviews. Ensured timely and efficient completion of risk assessments, control assessments, and documentation reviews.
Performed continuous monitoring, including onsite visits to assess tools, validate the security questionnaires completed by vendors, and confirm the protection of data at vendor sites.
Worked with the vendors to ensure risks identified were remediated within a reasonable time.
Provided detailed reports of assessments to business owners and the vendor management office.
IBM September 2014 – March 2016
Cyber Security Analyst
Planned and conducted security risk assessments for all third-party vendors.
Provided ongoing monitoring for third-party risk due diligence using BitSight.
Performed risk assessments covering Business Continuity, Incident Management, Business Impact Analysis (BIA), Identity and Access Management, Change Management, Physical Security, Vulnerability Management, Data Loss Prevention, and Encryption.
Reviewed controls based on HITRUST CSF, NIST 800 series, HIPAA Security Rules, and AICPA's SOC1/2 control frameworks.
Led control mapping and conducted gap analysis for IT Risks and Controls.
Ensured third-party relationships adhered to the company's policies and procedures and complied with regulatory guidelines and industry best practices.
Participated in reviewing and improving the Information Security Controls implemented in the organization.
Education
University of Maryland Global Campus, MS - Cybersecurity Management & Policy (In Progress)
University of Lagos, BS - Estate Management / Minor in Information Technology
Professional Certification
Certified in Risk and Information Systems Control (CRISC)
Certified Information Systems Auditor (CISA)
Certified Cloud Practitioner